Data Protection Policy

Introduction

At WBPC tour and travel SRL (hereinafter, “the Company”), we value the trust of our customers, employees, and collaborators, and we are committed to protecting the privacy and security of their personal data. This policy describes how we collect, use, store, and safeguard your personal data, in compliance with Law No. 172-13 on the Protection of Personal Data of the Dominican Republic, as well as the principles of the European Union’s General Data Protection Regulation (GDPR) and other applicable regulations.

Scope

This policy applies to all employees, contractors, suppliers, and any other parties who process or have access to the personal data managed by WBPC tour and travel SRL. It covers all personal data collected in the context of land transportation services, the sale of excursions, and any other related activities.

Definition of Personal Data

According to Dominican legislation and the principles of the GDPR, “personal data” refers to any information that identifies or can reasonably identify a natural person, including but not limited to:

  • Name, address, phone number, email address.
  • Financial information (payment and billing details).
  • Geolocation data, if collected through tracking systems or applications to coordinate transportation services.
  • Information related to bookings, excursions, destinations, schedules, and travel preferences.
  • Sensitive information (for example, health data or special assistance needs during travel).

Data Protection Principles

At WBPC tour and travel SRL, we adhere to the following principles:

  • Lawfulness, transparency, and fairness: We collect and process personal data lawfully, fairly, and transparently, always based on one of the legitimate grounds set forth by Law No. 172-13 and, where applicable, by the GDPR.
  • Purpose limitation: We only collect personal data for specific, legitimate purposes that are previously communicated to the data subject.
  • Data minimization: We collect only the amount of data necessary to fulfill the stated purposes.
  • Accuracy: We keep personal data up to date and correct or delete any inaccurate data.
  • Storage limitation: We retain personal data only for as long as necessary to fulfill the established purposes and to meet our legal obligations.
  • Integrity and confidentiality: We apply appropriate technical and organizational measures to prevent unauthorized access, disclosure, or alteration of personal data.

Collection and Use of Personal Data

We collect and process personal data for the following purposes:

  • Provision of land transportation and excursion services: Managing bookings, coordinating trips and activities, issuing invoices, and ensuring the proper delivery of contracted services.
  • Payment processing: When making payments via credit or debit cards through gateways such as PayPal or Azul, we collect the necessary information to securely process the payment.
  • Continuous service improvement: Analyzing trip and excursion information to optimize routes, timing, and our customers’ overall experience.
  • Legal and contractual compliance: Complying with fiscal, consumer protection, transportation, and other applicable regulations in the Dominican Republic, as well as obligations arising from contracts with our customers and suppliers.
  • Customer service: Handling complaints, requests for information, claims, and providing user support.

Consent

Whenever required by Law No. 172-13 and other applicable regulations, we will obtain the express consent of data subjects for the processing of sensitive information or for the use of personal data in activities not covered by the contractual relationship. When consent is the legal basis, it may be revoked at any time without affecting the lawfulness of the processing carried out based on the consent given prior to its withdrawal.

Data Subjects’ Rights

In accordance with Law No. 172-13 and applicable data protection regulations, data subjects have the following rights:

  • Access: Request information about the personal data the Company holds about you.
  • Rectification: Request the correction of inaccurate or incomplete personal data.
  • Erasure: Request the deletion of your personal data when there is no legal obligation to retain it.
  • Objection: Object to the processing of your data when there are legitimate and compelling reasons, especially in the case of processing for direct marketing.
  • Portability (when GDPR or equivalent legislation applies): Request a copy of your data in a structured, commonly used format.

Security of Personal Data

At WBPC tour and travel SRL, we have implemented technical and organizational measures to ensure the security of personal data and prevent unauthorized access, misuse, loss, or destruction. These measures include, among others:

  • Data encryption, where technically feasible, at rest and in transit.
  • Security protocols in payment gateways (PayPal and Azul) that comply with international security standards.
  • Restricted access to systems and databases containing personal data, through authentication and access control systems.
  • Periodic training for employees and collaborators on data protection and security measures.
  • Procedures for detecting and responding to security incidents.

Sharing Personal Data

We do not share personal data with third parties except in the following cases:

  • Service providers: We may engage third-party services (e.g., vehicle maintenance services, software developers, payment platforms) for business operations. These providers are bound by confidentiality commitments and must comply with data protection legislation.
  • Legal obligations: When required by law or at the request of competent authorities (e.g., tax or judicial authorities).

International Data Transfers

If we need to transfer personal data to a third country or international organization, we will ensure appropriate safeguards for its protection, whether through standard contractual clauses or other measures recognized by Law No. 172-13 and, where applicable, by EU regulations (GDPR).

Retention of Personal Data

We only retain personal data for as long as necessary to fulfill the described purposes or as long as there is a legal obligation requiring us to keep the information. Once the data is no longer needed, it will be securely deleted or anonymized.

Updates to the Data Protection Policy

WBPC tour and travel SRL reserves the right to amend this Data Protection Policy at any time in order to adapt it to legislative or regulatory changes or to business practices. Any changes will be promptly communicated to data subjects, either through our website or by other available means.

Contact

If you have any questions, concerns, or wish to exercise any of your rights regarding your personal data, you can contact our Data Protection Officer through the following means:

  • Email: waybuspuntacana@gmail.com
  • Phone: +1 (849) 8046086
  • Address: Av. Estados Unidos 23000, Punta Cana, Dominican Republic